NETSCOUT


DDoS attacks targeting critical infrastructure

NETSCOUT released its 2H2024 DDoS Threat Intelligence Report, revealing how Distributed Denial of Service (DDoS) attacks have become a dominant means of waging cyberwarfare linked to sociopolitical events such as elections, civil protests and policy disputes. The findings show how attackers exploit moments of national vulnerability to amplify chaos and erode trust in institutions, as they target the critical infrastructure of governments, commercial entities and service providers.

Throughout the year, DDoS attacks were intricately tied to social and political events, including Israel experiencing a 2,844 percent surge linked to hostage rescues and political conflicts, Georgia enduring a 1,489 percent increase during the lead-up to the passage of the “Russia Bill,” Mexico having a 218 percent increase during national elections, and the United Kingdom experiencing a 152 percent increase on the day the Labour Party resumed session in Parliament.

“DDoS has emerged as the go-to tool for cyberwarfare,” stated Richard Hummel, director, threat intelligence, NETSCOUT. “NoName057(16) continues to be the leading actor for politically motivated DDoS campaigns targeting governments, infrastructure and organisations. In 2024, they repeatedly targeted government services in the United Kingdom, Belgium and Spain.”

AI and automation drive scale and impact

DDoS-for-hire services have become more powerful using AI for CAPTCHA bypassing, with about 9 in 10 platforms now offering this capability. Additionally, many employ automation to enable dynamic, multi-target campaigns and offer infrastructure exploitation techniques such as carpet bombing, geo-spoofing, and IPv6 to expand attack surfaces. Even the most novice operators can launch significant DDoS attack campaigns causing substantial harm.

Botnets playing a bigger role

Enterprise servers and routers have been exploited to intensify attacks and make remediation more challenging. Overall botnet populations declined by 5 percent but demonstrated strong resiliency despite concerted takedown efforts. Law enforcement takedown efforts, like Operation PowerOFF, continue to target DDoS-for-hire services but only momentarily disrupt attack platforms as new platforms take their place. The long-term impact is uncertain as attackers adapt and reconstitute their networks, with no significant decline in global attack volume.

DDoS attacks are adaptive and persistent

DDoS attacks are evolving and adapting faster than ever, creating a challenge for defenders and those entrusted with protecting critical infrastructure networks and service availability. Enterprises, government organisations, and service providers are all targets for DDoS attacks. Successful strategies must deploy proactive intelligence-driven methodologies and automation to mitigate modern-day DDoS attacks effectively. Staying ahead of new threats demands that organisations outmanoeuvre an adversary that can force multiply its strength, speed, intelligence, and persistence like nothing the world has ever seen.

Unparalleled attack visibility

NETSCOUT maps the DDoS landscape through passive, active and reactive vantage points, providing unparalleled visibility into global attack trends. NETSCOUT protects two-thirds of the routed IPv4 space, securing network edges that carried global peak traffic of over 700 Tbps in 2H2024. It monitors tens of thousands of daily DDoS attacks by tracking multiple botnets and DDoS-for-hire services that leverage millions of abused or compromised devices.

Media Contact: Rebecca Morpeth Spayne, Editor, Security Portfolio, Tel: +44 (0) 1622 823 922


Netscout launches Visibility Without Borders platform

NETSCOUT SYSTEMS, INC. (NASDAQ: NTCT), a leading provider of performance management, cybersecurity, and DDoS protection solutions, today introduced its Visibility Without Borders® (VWB) platform to help essential organisations keep goods and services flowing by uniting performance, security, and availability under one common data framework. By proactively identifying areas of complexity, fragility, and risk, the platform unlocks insights at unparalleled scale to deliver the intelligence needed to increase visibility, improve agility, and keep data and applications secure.

“Nearly all enterprises are on a digital transformation journey to drive greater optional efficiency, leverage data to develop new services, and provide differentiated customer experiences,” said Bob Laliberte, principal analyst, Enterprise Strategy Group. “However, as more organisations embrace distributed infrastructures, they add complexity, lose control, yet expand their cyber-attack surfaces, opening the door to costly downtime and unaffordable data breaches. Organisations struggle with the lack of fast, reliable detection and remediation that choke performance, compromise security, and eat away at the availability of key applications, data, services, and systems.”

Smart data, real-time metadata derived from network traffic and packet data, is the ultimate, consistent data source across any IT infrastructure. It serves as the basis for NETSCOUT’s patented ASI technology and is at the core of NETSCOUT’s VWB platform. The world’s largest and most complex enterprises and communications service providers rely on the NETSCOUT VWB platform to bring together and make use of the massive amounts of data traversing through their networks to address critical needs such as:

Network and Applications Performance Management: nGenius Enterprise Performance Management monitors, troubleshoots, and maximises the performance of mission-critical applications and services. The solution integrates with DevOps, ITOps, AIOps, and SecOps ecosystems through APIs and data export and import utilities.

Cybersecurity: Omnis Network Security’s advanced network detection and response uses actionable ML-based analytics and insights to defend essential organisations from increasingly sophisticated and damaging cyberattacks.

AIOps: Through its advanced data export capability, the VWB platform feeds unique, indispensable metadata to modern analytics stacks, facilitating predictive analytics, network optimisation, anomaly detection, and automated incident management, among other key AIOps functions.

Availability: Arbor DDoS Protection protects digital infrastructures and critical services from increasingly frequent, sophisticated, and damaging DDoS attacks.

Service Assurance: nGenius for Carrier Service Assurance protects service quality and improves the customer experience across 4G/5G, mobile, IoT, Cloud, and

The platform leverages a shared network data collection infrastructure to serve multiple teams throughout an organisation, resulting in a highly efficient operational model that promotes collaboration.

“Our customers are looking for a platform that can give them the visibility they need to ensure their digital transformation investments continue to bring value to their organisation,” said Michael Szabados, chief operating officer at NETSCOUT. “We help them manage their performance, availability, and security challenges through a single platform that can infinitely and seamlessly scale from remote users to premises to co-los and multi-cloud environments. This powerful platform results from our decades of experience delivering deep packet inspection at unlimited scale.”


The finance industry is vulnerable to DDoS attacks

Emad Fahmy, Systems Engineering Manager, Middle East, NETSCOUT discusses why the finance industry is vulnerable to DDoS attacks

The way financial institutions function has changed in the last two years. As a result of the Covid-19 pandemic, businesses in the finance industry have had to adjust their business strategies and create remote working solutions. Because data is now accessed from off-site locations by staff working from home, substantial volumes of employees’ confidential and sensitive material have been left accessible to cybercriminals acting outside of typical perimeters. Perhaps predictably, threat actors have seized the opportunity this has offered them.

Thus, regional financial authorities have outlined cybersecurity as a critical priority. The UAE Central Bank, for example, established a new Networking and Cyber Security Operations Centre in November 2021 to contribute to the resilience and preparedness of the nation’s financial sector.

More than half of those targeted by DDoS extortion attacks in the first half of 2021 were in the financial industry. Furthermore, NETSCOUT discovered that over 7,000 DDoS assaults were performed against commercial banks and credit card processors during this time. Although it may appear at first that this attack activity is minimal compared to the overall numbers, many were successful in creating significant disruption. This, in turn, impacted downstream customers attempting to use their credit cards, as well as the targeted businesses.

If a commercial bank or payment card processor is hacked, the results can be devastating. Because credit card processors can handle over 5,000 transactions per second, even a few minutes of delay can result in millions being lost. This can significantly impact the organisation’s brand and customer retention.

Types of DDoS attacks being launched by threat actors

As previously stated, financial institutions are subjected to a high volume of DDoS extortion attempts. These attacks differ from traditional DDoS attacks in that the threat actors launch a demonstration DDoS attack against portions of the organisation’s online infrastructure before or after sending an email to the company requesting payment in cryptocurrency, typically Bitcoin.

Financial institutions are known to have access to enormous amounts of data and money, which is one of the key reasons why threat actors target them with DDoS extortion assaults. The Lazarus Bear Armada (LBA) DDoS extortion campaign, for example, targeted financial organisations such as commercial banks and stock exchanges, including the New Zealand Stock Exchange.

Furthermore, professional ransomware gangs have bolstered their arsenal with triple extortion attacks. Cybercriminals have created a ransomware trifecta by combining file encryption, data theft, and DDoS operations to increase payment possibilities.

Moreover, when it comes to mounting DDoS attacks against financial institutions, threat actors employ increasingly complicated strategies. Cybercriminals are modifying the types of attacks they use to overwhelm the multiple layers of on-premises and cloud-based DDoS security that have been built in an attempt to access financial institutions’ online infrastructure. TCP ACK flood attacks against commercial banks and credit card processing solutions, which are meant to overwhelm and impede connections between servers, are a good illustration of this. As a result, downtime and interruptions have hurt both the institutions and the end users who use these services.


The visibility challenges to supporting remote work

Emad Fahmy, Systems Engineering Manager, Middle East, at NETSCOUT discusses the visibility challenges to supporting remote work

Today’s enterprises continue to adjust IT and security resources in response to changes brought by the pandemic. Enterprises are now faced with the reality that 65% of pandemic-era remote workers want to continue working from home – and 58% say they will look for a new job if their company requires returning to the office.

As enterprise security and IT teams continue to grapple with changes in the network necessary to support remote access, they increasingly turn to the edge to do so. Edge computing provides a common abstraction across a range of local and remote IT assets in order to support next generation security and management technology. Moving resources to the edge enables data to be more quickly processed, analysed, filtered and stored, reducing both network latency and operational expense.

However, for all of the benefits that edge computing creates for enterprises, it also opens them to new security risks. As enterprises have had to expand services and rely more heavily on the edge, attackers have expanded the threat landscape, as well as the size and scope of their attacks. In the first half of 2021, attackers launched 5.4 million distributed denial of service (DDoS) attacks, an 11% increase from the same period a year earlier.

It’s no surprise, then, that security concerns are on the minds of enterprise IT and security teams that are relying upon the edge. The UAE is working hard to build a safe digital economy with highly secure and robust cloud infrastructure and is also collaborating with several countries to shore up its digital ecosystem. The biggest concerns are the expanded attack surface and greater exposure to threats like DDoS campaigns, data theft and intrusions into the enterprise network.

As more activity is moved to the edge, it’s important for CIOs and CISOs to ensure their teams understand the associated security challenges, while also ensuring that the end-user experience isn’t impacted by the policies and procedures put into place to do so.

Impact of Edge on CIOs & CISOs

The call for better collaboration, communication and consistency between security and IT teams is not a new one. But explosive growth in cyberattacks since the beginning of the pandemic has added additional pressure. Now more than ever, it’s vital for security and network operations teams to have consistent goals, unified processes and interoperable technologies that protect the network, while also maintaining network uptime and performance for business operations. Doing so reduces costs through shared instrumentation, training, and operational efficiencies.

Challenges that must be addressed to protect the edge

It’s difficult to get an accurate status of network security because networking and security teams maintain separate tools and reports. Security teams largely view network security through network traffic analysis (NTA) and network detection and response (NDR) tools, while networking teams use various tools to manage devices, traffic flows, and network performance.


Why IT and security teams need to work together

Emad Fahmy, Systems Engineering Manager, Middle East, at NETSCOUT explains why IT and security teams need to work together.

Enterprise network and security teams face an egregious increase in cyberattacks against their networks. For example, as of December 2021, more than nine million Distributed Denial of Service (DDoS) attacks have been launched. Indeed, cybercrime has risen to unprecedented levels over the past few months, with bad actors exploiting new vulnerabilities and causing disruption across VPN networks as well as firewalls and cloud-based tools used by employees working from their homes. By preventing legitimate users from accessing networks, attackers can freeze operations and cause financial losses and damage to a company’s reputation.

Unfortunately, the problems created by cyberattacks are further exacerbated when IT and cybersecurity teams don’t effectively collaborate. Failure to cooperate often has its genesis in how each team defines its role. While IT teams are tasked with ensuring an efficient experience for employees and customers, security teams are focused on protecting assets and addressing security issues.

One recent survey from Enterprise Strategy Group (ESG) shows that 44% of cybersecurity and IT professionals say the relationship between IT and security doesn’t work well for several reasons. Many cite that such issues stem from reporting structures that create conflicting agendas and impede cross-collaboration. Likewise, budgetary conflicts, problems with compliance, and a lack of skilled workers on both teams make effective collaboration a challenge.

In fact, cybersecurity professionals say the most stressful aspects of their jobs often stem from these very issues. Almost a third say their most significant stress stems from IT initiatives or projects that were started by other teams with no security oversight, and 31 percent point to working with disinterested business managers.

The question, then, is how both teams overcome these challenges to meet employee and customer expectations while also protecting resources from cyber attackers. When surveyed about how that might happen, 58% of IT and security teams say ensuring security personnel are included on IT projects from the start, while 38% said embedding security personnel into functional technology groups is critical. Likewise, 35% say automating processes that promote collaboration between IT and security is needed.

Why cross-silo collaboration is essential

Cross-silo collaboration is vital for enterprises that want to improve network performance, reduce security risk, and accelerate security incident detection and response. Effective collaboration gives both teams the ability to quickly and effectively determine whether an IT service event is a performance issue or a security incident, which is sorely needed in the complex digital infrastructure of today’s enterprises.

The Information Systems Security Association (ISSA) conducted a survey in 2021 to determine how frustrations between IT and security teams might best be addressed. Respondents provided several suggestions that could improve the relationship between security and IT, including involving security personnel on IT projects from the start (58%), embedding security personnel into functional technology groups (38%), and automating processes that promote collaboration between IT and security (35%). Cross-silo collaboration is considered imperative for effectively identifying and troubleshooting service performance issues.


NETSCOUT unveils new UCaaS monitoring capabilities

NETSCOUT SYSTEMS, a provider of cybersecurity, service assurance, and business analytics solutions, announced new unified communications-as-a-service (UCaaS) capabilities for its Smart Edge Monitoring solution to help organisations with work-from-home and hybrid workforce models ensure a quality employee experience when using UCaaS solutions like Zoom, Cisco Webex, and Microsoft Teams.

NETSCOUT’s Smart Edge Monitoring UCaaS capabilities use patent-pending technology to provide early detection of performance slow-downs with analysis throughout the complex communications ecosystem, including home-user networks, data centres, the cloud, and application data from UCaaS providers. As a result, it quickly pinpoints the source of problems facing end-users, either at home or in corporate or remote offices.

“The future success of hybrid workforces and work-from-home employees is directly tied to efficient, continuous, quality communications and collaboration,” said Richard Costello, Senior Research Analyst, IDC. “To ensure continued business continuity and end-user experiences, organisations need greater visibility across varied and complex work environments, such as that offered by NETSCOUT Smart Edge Monitoring, to better determine and mitigate root causes.”

IT teams can use Smart Edge Monitoring to analyse the communications path through auto-generated UCaaS transaction metrics that rapidly pinpoint user configuration, application protocol, internet service provider, or server issues with more advanced visibility than traditional tools. Thus, Smart Edge Monitoring can identify what causes performance degradation and why within a single solution and workflow.

“Organisations have come to rely on communication and collaboration software to keep their employees connected and productive, no matter where they are performing their jobs,” said Michael Szabados, Chief Operating Officer, NETSCOUT. “The future of work requires visibility into complex network environments, and NETSCOUT gives IT teams the tools they need to resolve even the most challenging communications-related issues to deliver consistent, high-quality, UCaaS experiences.”

The announcement follows new research that finds that 93% of enterprise-level organisations have increased their use of unified communications and collaboration (UC&C) platforms since the onset of the COVID-19 pandemic. The increased use has generated a flood of helpdesk requests with implications for the future of work and employee productivity. More than half of helpdesk tickets at 43% of recently surveyed enterprises relate to UC&C issues.

“The research shows that while communications and collaboration platforms remain vital for organisations, growing pains continue. Employees continue to be plagued with technical challenges that limit their productivity even as IT teams are under additional strain to diagnose and resolve these issues in a timely fashion,” continued Szabados. “NETSCOUT Smart Edge Monitoring’s intelligent, packet-based approach allows IT teams to see performance problems across complex hybrid work environments to better triage, support, and quickly extinguish root causes.”
